_________________________________________________________
Guide to (mostly) Harmless Hacking
Vol. 5 Programmers' Series
No. 1: Shell Programming
_________________________________________________________
Honest to gosh -- programming is easy. If you have never programmed in your
life, today, within minutes, you will become a programmer. I promise. And
even if you are already a programmer, in this Guide you just might discover
some new tricks that are lots of fun.
Amazingly enough, many people who call themselves hackers don't know how to
program. In fact, many el1te haxor types claim they don't need to know how
to program, since computer programs that do kewl stuph like break into or
crash computers are available for download at those HacK3r Web sites with
the animated flames and skulls and doom-laden organ music.
But just running other people's programs is not hacking. Breaking into and
crashing other people's computers is not hacking. Real hacking is exploring
and discovering -- and writing your own programs!
********************************************************
In this Guide you will learn:
* Why should hackers learn how to program?
* What is shell programming?
* How to create and run scripts
* Shell scripts on the fly
* Slightly stealthy scripts
* Examples of fun hacker scripts
Plus, in the evil genius tips, you will learn how to:
* Talk about the Turning Machine Halting Problem Theorem as if you are some
sort of forking genius
* Find instructions on how to create deadly viruses
* Set your favorite editor as default in Pine
* Link your bash history file to dev/null
* Keep simple Trojans from executing in your account
* Save yourself from totally messing up your .tcshrc, .bashrc etc. files.
*******************************************************
Why Should Hackers Learn How to Program?
Back in 1971, when I was 24, I was as nontechnical as they come. But my
husband at the time, H. Keith Henson, was always talking about "buffer in,"
"buffer out" and assembly language stuff.
Keith was one of the earliest of hackers, and a hacker in the pure sense,
someone who wasn't afraid to try unusual things to save memory (a scarce
resource on even the biggest computers of the 1970s) or cut CPU cycles. So
one June morning, tired of me looking dazed when he came home babbling
excitedly about his latest feat, he announced, "You're going to learn how to
program." He insisted that I sign up for a course in Fortran at the
University of Arizona.
The first class assignment was to sit at a punch card machine and bang out
a program for the CDC 6400 that would sort a list of words alphabetically.
It was so fun that I added code to detect input of characters that weren't
in the alphabet, and to give an error message when it found them.
The instructor praised me in front of the class, saying I was the only one
who had coded an extra feature. I was hooked. I went on to write programs
with enough length and complexity that debugging and verifying them gave me
a feel for the reality of the Turing Machine Halting Problem theorem.
I discovered you don't have to be a genius to become a professional
programmer. You just have to enjoy it enough to work hard at it, enjoy it
enough to dream about it and fantasize and play with programming in your
mind even when you aren't in front of a keyboard.
******************************************************
Evil Genius tip: The Turing Machine Halting Problem theorem says that it is
impossible to thoroughly debug -- or even explore -- an arbitrary computer
program. In practical terms, this means that it super hard to make a
computer network totally secure, and that it will never be possible to write
an antivirus program that can protect against all conceivable viruses.
For a more rigorous treatment of the Turing Machine Halting Problem theorem
-- yet written in language a non-mathematician can understand -- read the
"Giant Black Book of Computer Viruses" by Dr. Mark Ludwig, American Eagle
Publications. This book will also teach you how to write the most deadly
viruses on the planet -- or programs to fight them! You can order it from
http://www.amazon.com. Warning-- in order to fully appreciate this book, you
have to know assembly language for 80x86 CPUs. But it is the most
electrifying computer manual I have ever read!!!!
********************************************************
That is the heart of the hacker spirit. If you are driven to do more and
greater things than your job or school asks of you, you are a real hacker.
Kode kiddies who think breaking into computers and typing f*** every third
word while on IRC are not hackers. They are small-time punks and vandals.
But if you aspire to become a true hacker, you will become a programmer, and
reach for the stars with your code.
What Is Shell Programming?
If you have been following the earlier Guides to (mostly) Harmless Hacking
(GTMHH), you are already familiar with many fun Unix commands. Shell
programming is writing a file that holds a sequence of Unix commands, which
you can run in your shell account by typing in only one line.
****************************************************
Newbie note: Don't know what a shell account is? Unix leaves you scratching
your head? You *must* have a shell account to learn shell programming. You
can get one for free at http://sdf.lonestar.org. Just set up a PPP
connection and telnet into Lonestar for your Unix fun! However, Lonestar
doesn't allow you to telnet out. For a full service shell account, check out
http://rt66.com. Yes! They have ssh logins!
For details on how to use a shell account and instructions on lots of fun
Unix commands, see the GTMHHs on shell accounts at
http://techbroker.com/happyhacker.html.
**************************************************
If you are familiar with DOS, you may have already done something similar
to shell programming: DOS batch files. The basic idea is that you write a
series of DOS commands and save them with a file that ends with the
extension "bat."
For example, you might name your batch file "myfile.bat." Then any time you
want to run it, you just type "myfile" and it runs all the commands inside
that file. (Note: if you are in a different directory from myfile.bat, you
either have to tell your computer where to look for it with a "path"
command, or by typing in the entire path, for example "c:\myprograms\myfile.")
Unix -- an operating system that was created long before DOS -- can do
something very similar to a DOS batch file. Instead of typing Unix commands
one by one every time you need them, you can write a shell script that
automatically executes that sequence. Then you save it as a file with
permissions that make it executable.
***************************************************
Newbie note: "Executable" doesn't mean the computer goes out and murders
your poor file. It means that when you type the name of that file, the
computer looks inside and does what your file tells it to do.
"Permissions" mean what can be done by who with a file. For example, you
could set the permissions on your shell account file so that only someone in
your account could execute it. Or you could make it so anyone in the world
could run (execute) it -- something you usually do with the files in your
Web site, so that anyone who surfs in may read them.
***************************************************
But there is one huge difference between DOS and Unix commands. In DOS, the
commands "mkdir" and "MKDIR" do exactly the same thing. In Unix, they would
be two totally different commands. Be absolutely careful in this lesson to
type all commands in lower case (small) letters, or this stuff will not work.
How to Create and Run a Script
Why are we starting with shell script programming? The reason is that they
are easy. Honest, they *are* easy. So easy, there are several ways to make
them.
First, let's walk though the Pico way to create a simple script.
1) Open an editor program. We'll use the easiest one: Pico. At the prompt in
your shell account, simply type in "pico hackphile." ("Hackfile" will be the
name of the script you will create. If you don't like that name, open Pico
with the name you like, for example "pico myfilename.")
This brings up a screen that looks a lot like the Pine email program's
"compose mail" screen.
********************************************************
Evil genius tip: If your shell account is half-way decent, you will have
Pine and it will allow you to choose whatever editor you want for composing
email. Default is Pico. But you may configure it to use other editors such
as the far more powerful vi or emacs. Just go to the main menu on Pine, then
to Setup, then to Configure, then scroll down almost to the end of all the
options. There will be a line "editor = pico." Put in your favorite editor!
If you regularly use Pine to compose email, you will keep in practice by
using its editor, making it much easier to write programs.
********************************************************
Here's what your Pico screen should look like:
UW PICO(tm) 2.9 File: hackphile
[ New file ]
^G Get Help ^O WriteOut ^R Read File ^Y Prev Pg ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where is ^V Next Pg ^U UnCut Text^T To Spell
At the bottom is some fast help, a list of commonly used Pico commands.
That "^" thingy means to hold down the control key while hitting the letter
of the alphabet that follows. Besides these commands, some others that it
helps to know for Pico are:
^e moves the cursor to the end of a line
^a moves the cursor to the beginning of a line
^d deletes a character
^f moves the cursor forward (or use the -> arrow key if it works)
^b moves the cursor backward (or use the list
ls -alK|more
w|more
Then hold down the control key while hitting the letter "d." This will
automatically end the "cat" command while saving the commands "ls -alK|more"
and "w|more" in the file "list." Then make it executable with the command:
"chmod 700 list." (If chmod 700 doesn't work on your system, try the
alternative ways to make it executable in 4) above.)
Now, whenever you want to see everything you could ever want to see about
your files, followed by a list of info on whoever else is also logged into
shell accounts at the Unix box you use, just type in the command "list."
This will give you something like:
total 127
drwx-----x 8 cpm 1536 Dec 28 14:37 .
drwxr-xr-x985 root 17920 Dec 26 17:56 ..
-rw------- 1 cpm 0 Aug 27 08:07 .addressbook
-rw------- 1 cpm 2285 Aug 27 08:07 .addressbook.lu
lrwxrwxrwx 1 cpm 9 Oct 27 15:35 .bash_history -> /dev/null
-rw-r--r-- 1 cpm 1856 Oct 8 09:47 .cshrc
(snip)
3:01pm up 5 days, 6:48, 9 users, load average: 1.87, 1.30, 1.08
User tty login@ idle JCPU PCPU what
phill ttyp0 2:39pm 1 11 -csh
flattman ttyp1 2:27pm 4 4 tf
kjherman ttyp2 1:13pm 1:43 telnet ftp.fubar.com
cpm ttyp4 1:08pm 13 w
johnp ttyp5 Sat 6pm 1 1:29 7 -tcsh
kjherman ttyp6 1:15pm 1:43 telnet fubar.com
kjherman ttyp8 1:16pm 1:43 /bin/csh /usr/local/bin/cmenu
momshop ttyp9 2:50pm 10 /usr/local/bin/pine
swit ttypa 9:56am 4:20 41 -csh
joy ttypc 3:00pm 2 1 -csh
***************************************************
Newbie note: What does all that stuff mean? Sorry, this is an advanced
GTMHH, so all I'm going to tell you is to give the commands "man ls" and
"man who" to find out all this stuff.
OK, OK, I'm sorry, here's a little more help. The "|" means "pipe." When you
have two commands on either side of a pipe command, this makes the output of
the command on the left hand side of the "|" pipe into the command on the
right hand side. So "w|more" tells your computer to do the command "w" and
pipe its output to the command "more." Then "more" displays the output on
your monitor one screen at a time, waiting for you to hit the space bar
before displaying the next screen.
What does "lrwxrwxrwx 1 cpm 9 Oct 27 15:35 .bash_history ->
/dev/null" mean? "l" means it is a linked file. The first set of rwx's mean
I (the owner of the account) may read, write, and execute this file. The
second rwx means my group may also read, write and execute. The last set
means anyone in the world may read, write and execute this file. But since
it's empty, and will always stay empty, too bad, kode kiddies.
***************************************************
***************************************************
Evil genius tip: In case you saw that supposed bash history file of mine
some haxors were making phun of on some email lists, here's two ways you can
tell it was faked and they were seriously deficient in Unix knowledge.
a) See that funny notation above, "bash_history -> dev/null? My
.bash_history has been linked to dev/null (dev/null means "device null"
which is a fancy way of saying everything goes to bit heaven never to be
seen again) since Oct. 9, 1997 -- long before some sooper genius emailed
around that fake file!
Here's how you can make your bash history disappear. Simply give the
command "ln -s /dev/null ~/.bash_history."
b) If you have the bash shell, and haven't linked it yet to dev/null, get
into it and use the "talk" command to chat with someone for awhile. Then
give the command "more .bash_history." You will see that unlike that
supposed bash history file of mine, the stuff you type in during a "talk"
session does not appear in the .bash_history file. The guy who faked it
didn't know this! Either that, or he did know, and put that in to trick the
people who would read it and flame me into revealing their ignorance.
The guys who got caught by this trick tried to get out of their embarrassing
spot by claiming that a buffer overflow could make the contents of a talk
session turn up in a bash history file. Yeah, and yesterday they saw Elvis
Presley at a grocery story, too.
***************************************************
Slightly Stealthy Scripts
Now suppose you are worried about really clueless kode kiddies getting into
your shell account. Believe it or not, many people who break into computers
are almost totally ignorant of Unix. For example, at Def Con V a friend,
Daniel, conducted an informal poll. He asked dozens of attendees if they
knew the "cat" command. He found that over half the people there had never
even heard of it! Well, *you* know at least one way to use "cat" now!
Another example of haxor Unix cluelessness was a fellow who broke into my
shell account and planted a Trojan named "ls." His idea was that next time I
looked at my files using the Unix ls command, his ls would execute instead
and trash my account. But he forgot to give the command "chmod 700 ls." So
it never ran, poor baby.
******************************************************
Evil genius tip: Damian advises "NEVER put '.' (the current working
directory or cwd) in your path! If you really want "." in your path, make
sure it is the last one. Then, if a Trojan like ls is in your current
directory, the _real_ ls will be used first. Set your umask (umask is the
command that automatically set permissions on all files you create, unless
you specify otherwise) to something more secure than 022, I personally use
077. Never give group or other write access to your directory and be leery
of what others can read."
For your reading enjoyment, use the commands "man chmod" and "man umask" to
get all the gory details.
******************************************************
Here are ways to make shell scripts that the average clueless person who
breaks into a computer won't be able to run.
First, when you name your script, put a period in front of the name. For
example, call it ".secretscript". What that period does is make it a hidden
file. Some kode kiddies don't know how to look for hidden files with the
command "ls -a."
After you make your script, don't give the "chmod 700" command. Just leave
it alone. Then when you want to execute it, give the command "sh hackphile"
(substituting for "hackphile" the name of whatever script you wish to
execute). It will execute even though you never gave that chmod 700 command!
What you have done with the "sh" command is launch a temporary new Unix
shell, and then send into that shell the commands of your script.
Here's a cool example. Make this script:
cat > .lookeehere!
who|more
netstat|more
Remember to save this script by holding down the control key while hitting
the letter "d". Now try the command: ".lookeehere!" You should get back
something that looks like:
bash: ./.lookeehere!: Permission denied
That's what will stump the average kode kiddie, presuming he can even find
that script in the first place.
Now try the command "sh .lookeehere!" All of a sudden you get screen after
screen of really interesting stuff!
Your Internet Service provider may have disabled some of the commands of
this Guide. Or it may have just hidden them in directories that you can get
to if you know how to look for them. For example, if the "netstat" command
doesn't work, give the command "whereis netstat." or else "locate netstat."
If, for example, you were to find it in /usr/bin, you can make that command
work with "/usr/bin/netstat" in your script.
If neither the whereis or locate commands find it for you, if you are a
newbie, you have two choices. Either get a better shell account, or talk
your sysadmin into changing permissions on that file so you can execute it.
Many sysadmins will help you out this way -- that is, they will help if when
they check their syslog files they don't find evidence of you trying to
break into or trash computers. Neat trick: take your sysadmin to a fancy
restaurant and wait to ask him for access to EVERY Unix command until after
you have paid for his meal.
*****************************************************
Evil genius tip: Your sysadmin won't let you run your favorite Unix
commands? Don't grovel! Compile your own! Most ISPs don't mind if you keep
and use your favorite Unix stuff in your own account. Says Damian, "I tend
to keep my own binaries in ~/bin/ (My home directory slash bin) and put that
in my path. (With the directory being 700 or drwx------ of course)."
Where can you get your own? Try http://sunsite.unc.edu/pub/Linux/welcome.html
*****************************************************
Now it's time to really think about what you can do with scripts. Yes, a
shell script can take a complex task such as impressing the heck out of your
friends, and make it possible for you to do by giving just one command per
cool stunt.
If you are a bit of a prankster, you could create a bunch of scripts and
use them to make your friends think you have a special, super duper
operating system. And in fact you really will, honestly, be in control of
the most special, wonderful operating system on the planet. The beauty and
power of Unix is that it is so easy to customize it to do anything and
everything! Windows no! Unix yes!
****************************************************
Evil Genius tip: Bring up the file .login in Pico. It controls lots of what
happens in your shell account. Want to edit it? You could totally screw up
your account by changing .login. But you are a hacker, so you aren't afraid,
right? Besides, if you mess up your shell account, you will force yourself
to either learn Unix real fast so you can fix it again, or else make friends
with tech support at your ISP as your try to explain why you accidentally
mapped the letter "e" to mean "erase." (I did that once. Hey, no one's
perfect!)
For example, do you have to put up with some babysitter menu every time you
log in? Do you see something that looks like "/usr/local/bin/menu" in
.login? Put a "#" in front of that command (and any other ones you want to
put to sleep) and it won't execute when you login. Then if you decide you
are sorry you turned it off, just remove the "#" and that command will work
again.
Damian adds "Of great importance to newbies and a sign of great
intelligence in advanced Unix gurus is backing up before you screw it up,
i.e., in your pico of .cshrc. Their command lines should contain: mkdir
.trash;chmod 700 .trash;cp .cshrc .trash; pico .cshrc.
"Or, make the following alias in your .cshrc after creating your
'.trash'directory: alias backup 'cp \!$ ~/.trash'
"When you next source the .cshrc, you just type 'backup filename' and it
will be copied into the .trash directory in case you need it later.
"Modify the startup script, save the changes and then telnet in a second
time to see if it works. If it doesn't, fix it or 'cp ~/.trash/.cshrc ~'. I
don't recommend you 'source' the newly modified file because if it's
screwed, so are you. It's always best to keep one session untarnished, just
in case. If it works OK on your 2nd login, then you can 'source
.cshrc;rehash;' in your first window to take advantage of the changes made."
*******************************************************
OK, now how about just cutting loose and playing with scripts? See what
wonderful things you can do with them. That's what being a hacker is all
about, right? And thanks to Damian Bates, great fan of the Bastard Operator
from Hell, for reviewing and contributing to this Guide. Check out his Web
site at http://bofh.mysite.org/damian. Parental discretion advised:)
_______________________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://techbroker.com/happyhacker.html.
We are against computer crime. We support good, old-fashioned hacking of the
kind that led to the creation of the Internet and a new era of freedom of
information. So don't email us about any crimes you have committed!
To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.
Copyright 1997 Carolyn P. Meinel, cmeinel@techbroker.com. You may forward or
post this GUIDE TO (mostly) HARMLESS HACKING on your Web as long as you
leave this notice at the end.
_________________________________________________________
R.J. Gosselin, Sr.
~+~+~+~~+~+~+~+~+~+~+~~+~+~+~+~+~+~+~+
Editor-In-Chief -- Happy Hacker Digest
~+~+~+~~+~+~+~+~+~+~+~~+~+~+~+~+~+~+~+
"There is no way you're describing our system,
she could never have gotten past our security.
But I'm going to find her and see that she's prosecuted ...
she broke the law, and she's going to pay!"
President of "Blah Blah Bank"
-->>> Does anybody ELSE see a small discrepancy here ???????
*****************************************
For full story (and many others), download
"External Threats to Computer Security in Networked Systems"
from Winn Schwartau's InfoWar.com bookstore @ www.infowar.com